Industry Standards
& Compliance

Setting the right

Cryptomathic is a member of
and/or conforms to the
following standards:



CEN, the European Committee for Standardization, is an association that brings together the National Standardization Bodies of 33 European countries. CEN provides a platform for the development of European Standards and other technical documents in relation to various kinds of products, materials, services and processes.

CEN supports standardization activities in relation to a wide range of fields and sectors including: air and space, chemicals, construction, consumer products, defense and security, energy, the environment, food and feed, health and safety, healthcare, ICT, machinery, materials, pressure equipment, services, smart living, transport and packaging.


EMVCo manages, maintains and enhances the EMV Integrated Circuit Card Specifications for chip-based payment cards and acceptance devices, including point of sale (POS) terminals and ATMs. EMVCo also establishes and administers testing and approval processes to evaluate compliance with the EMV Specifications. EMVCo is currently owned by American Express, JCB, MasterCard and Visa.

A primary goal of EMVCo and the EMV Specifications is to help facilitate global interoperability and compatibility of chip-based payment cards and acceptance devices. This objective extends to new types of payment devices as well, including contactless payment and mobile payment.


ETSI, the European Telecommunications Standards Institute, produces globally-applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, converged, broadcast and Internet technologies. ETSI standards enable the technologies on which business and society rely.

For example, the standards for GSM™, DECT™, Smart Cards and electronic signatures have helped to revolutionize modern life all over the world.


GlobalPlatform is an independent, not-for-profit organization driven by over 50 cross-industry member organizations. GlobalPlatform is the leading, international association, focused on establishing and maintaining interoperable specifications for single and multi-application smart cards, acceptance devices and systems infrastructure that deliver benefits to issuers, service providers and technology suppliers.

Microsoft Partner Network

The Microsoft Partner Network is designed to equip organizations that deliver products and services based on the Microsoft platform with the training, resources and support they need to provide their customers a superior experience and outcomes. The Microsoft Gold Competency signifies to the market that a company has demonstrated the highest level of skill and achievement within a given technology specialism. Each competency has a unique set of requirements and benefits, formulated to accurately represent the specific skills and services that partners bring to the industry.

To earn a Microsoft Gold Competency, organizations must complete a rigorous set of tests to prove their level of technology expertise. Cryptomathic has achieved a Gold Independent Software Vendor (ISV) / Software Competency in the Microsoft Partner Network, demonstrating its ability to meet Microsoft customers' evolving needs in today's dynamic business environment.

MULTOS Consortium

The MULTOS Consortium is a group of international blue chip organizations, whose objective is to promote MULTOS as the smart card industry standard cross all market sectors. The diversity of the consortium membership reflects the interests of companies in many sectors, including telecommunications, e-commerce, travel, entertainment, retail, media and government/public sectors. It is the consortium members, as a group, who are also responsible for the ongoing maintenance and development of the MULTOS specification.


NIST (The National Institute of Standards and Technology) is a non-regulatory federal agency within the U.S. Department of Commerce which is heavily involved in standardization of cryptographic solutions. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

The NIST Federal Information Processing Standard - FIPS - is one of many NIST initiatives relevant to secure solutions. For the use of HSMs (Hardware Security Modules) FIPS 140 has prevailed as the predominant standard for security evaluation. Cryptomathic uses HSMs which are accredited the FIPS 140-2 Level 3 or 4, as these HSMs comply with many major industry standards, e.g. as set out by card payments schemes, e.g. Visa as well as governments and military.


OATH is an industry-wide collaboration to develop an open reference architecture by leveraging existing open standards for the universal adoption of strong authentication. OATH is comprised of industry leaders working with other standards groups toward the propagation of ubiquitous strong authentication, enabling eBusiness and giving customers the confidence to conduct secure commerce and communication online. An OATH ecosystem consists of devices, chip sets, platforms, applications, integrators, and customers, all working together in a strongly authenticated, highly secure environment.


OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society.

OASIS promotes industry consensus and produces worldwide standards for security, Cloud computing, SOA, Web services, the Smart Grid, electronic publishing, emergency management, and other areas. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology.

PCI Security Standards Council

The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents.



PKCS, which is stands for Public Key Cryptography Standard is one of the most important standard frameworks in modern cryptography. Since work on the standard was started in the 1980s there have been many standards published under this framework. The most notable PCKS standard that Cryptomathic works with is PKCS#11 -- used for integration software applications with Hardware Security Modules (HSMs). Cryptomathic products support and adhere to many of the other PKCS standards as well.

Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. The Alliance invests heavily in education on the appropriate uses of technology for identification, payment and other applications and strongly advocates the use of smart card technology in a way that protects privacy and enhances data security and integrity. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart card technology, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America.

Trusted Computing Group

The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications will enable more secure computing environments without compromising functional integrity, privacy, or individual rights. The primary goal is to help users protect their information assets (data, passwords, keys, etc.) from compromise due to external software attack and physical theft.

More to explore

Management team
Management Team

Our key group members maintaining operations and customer-driven excellence

More about our team
Board of Directors
About Cryptomathic

Strong technical expertise and unique market knowledge

About us

Find free resources and white papers

Discover our resource library